<?php

require_once( $_SERVER['DOCUMENT_ROOT'].'/../libs/smarty.inc' );

require_once( $_SERVER['DOCUMENT_ROOT'].'/../libs/Class_DB.php' );

require_once( $_SERVER['DOCUMENT_ROOT'].'/../libs/Class_ERROR.php' );



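// Admin login handler.
// On POST, looks the submitted login_id / login_pass up in M_STAFF, and on a
// match populates $_SESSION['ADMIN_LOGIN'] (staff identity plus the auth codes
// from D_STAFFAUTH) and redirects to ./index.php. Every POST that does not end
// in a redirect re-renders the login template with $err set to true.
$err = false;

if( $_SERVER['REQUEST_METHOD'] == 'POST' ){

	$forms = $_POST;

	// Accept only scalar strings. A missing field or an array-valued field
	// (login_id[]=...) is treated as empty instead of reaching the escape
	// function, which would emit a warning and return NULL.
	$id   = ( isset( $forms['login_id'] )   && is_string( $forms['login_id'] ) )   ? $forms['login_id']   : '';
	$pass = ( isset( $forms['login_pass'] ) && is_string( $forms['login_pass'] ) ) ? $forms['login_pass'] : '';

	if( $id !== '' && $pass !== '' ){

		$db = new Class_DB;

		//$db->DEBUG = true;

		// NOTE(review): login_pass is compared with the submitted value inside
		// the query, so the column appears to hold the password as typed (or an
		// unsalted form of it) - confirm. The durable fix is to store a
		// password_hash() digest, select the row by login_id only, and check it
		// with password_verify(); that needs a schema/data migration outside
		// this file.
		// NOTE(review): mysql_real_escape_string() comes from the removed
		// ext/mysql and needs an open connection; presumably Class_DB opens one
		// in its constructor - confirm. Prefer bound parameters if Class_DB
		// offers them.
		$sql = sprintf("SELECT * FROM M_STAFF WHERE login_id = '%s' AND login_pass = '%s' AND status <> 1",
			mysql_real_escape_string( $id ),
			mysql_real_escape_string( $pass )
		);
		$db->query( $sql );

		if( $db->num_rows() ){

			$row = $db->fetch();
			$staffId = $row['staff_id'];

			session_name( 'ENDEAVOR' );
			session_start();

			// Issue a fresh session id at the privilege change so an id that was
			// known before authentication cannot be reused afterwards
			// (session fixation).
			session_regenerate_id( true );

			// Rebuild the login record from scratch. Appending to whatever the
			// session already held would let AUTH_CD entries from an earlier
			// login in the same session carry over to this account.
			$_SESSION['ADMIN_LOGIN'] = array(
				'STAFF_SEQ'  => $staffId,
				'STAFF_ID'   => $staffId,
				'STAFF_NAME' => $row['staff_name'],
				'AUTH_CD'    => array(),
			);

			// The value is quoted as well as escaped: escaping alone does not
			// protect an unquoted position in the statement.
			$sql = sprintf("SELECT * FROM D_STAFFAUTH WHERE staff_id = '%s'", mysql_real_escape_string( $staffId ) );
			$db->query( $sql );

			while( $row = $db->fetch() ){
				$_SESSION['ADMIN_LOGIN']['AUTH_CD'][] = $row['auth_cd'];
			}

			header("Location: ./index.php");
			exit;

		}else{

			$err = true;
			$db->close();

		}

	}else{

		$err = true;

	}

	// Reached only when no redirect happened, i.e. the login failed.
	// The same flag is used for every failure cause, so the response does not
	// reveal whether the id or the password was wrong.
	$err = true;

}

if( isset( $forms ) ){
	// Never hand the submitted password back to the template; it would be
	// reflected into the re-rendered form and any cached copy of the page.
	$forms['login_pass'] = '';
	$smarty->assign('forms', $forms );
}

$smarty->assign('err', $err );

$smarty->display('web-admin/login.html');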



?>